This request is superseded by
request 1165380
(Show diff)
Overview
Request 1164241 superseded
Update to version 24.04.02.
This request will change the packaging from using a release tarball to generating the tarball directly from git to harden the package against supply chain attacks.
I would appreciate any feedback on this change and will leave the request open for a little bit.
- Created by DarkWav
- In state superseded
- Package maintainer: DarkWav
- Superseded by 1165380
Loading...
Request History
DarkWav created request
Update to version 24.04.02.
This request will change the packaging from using a release tarball to generating the tarball directly from git to harden the package against supply chain attacks.
I would appreciate any feedback on this change and will leave the request open for a little bit.
why have source twice (as tarball and obscpio)?
Thanks for the heads up, should I simply delete the obscpio and handle it like this package: https://build.opensuse.org/package/show/openSUSE:Factory/plymouth
I would suggest otherwise - keep obscpio - see i.e https://build.opensuse.org/package/show/network:cryptocurrencies/xmrig but tarball will work as well (see i.e https://build.opensuse.org/package/show/Base:System/thin-provisioning-tools)
Thanks for the suggestion, I have made a new request that will (hopefully) handle tarball generation better: https://build.opensuse.org/request/show/1165380